DoJ did something remarkable when it sought email records of WaPo journos - not from an email provider but from the security firm Proofpoint. Why do this? I discuss reasons👇. DNS records show Proofpoint filtering Post email since 2015, CNN email since '17 zetter.substack.com/p/justice-depa…
DNS record shows Proofpoint server (pphosted.com) filtering WaPo email, which is why DoJ went after them for email data. Experts told me the move is troubling. It signals DoJ is willing to seek info from any company that touches comms, regardless of how tangential.
"it’s a warning to customers that even if their [email or cloud] provider has strong protections against improper law enforcement requests, the government 'can bypass that by going to a service provider that layers on top of that provider,'" EFF's @kurtopsahl told me.
It’s particularly “sad and ironic,” Opsahl said, that the government in this case targeted a security firm — “a company that would be brought into protect the mail for threats, actually becomes an attack vector.”
BTW, we know that DoJ sought WaPo email data from Proofpoint only because a court document was poorly redacted. Other documents had the identity of the provider covered, but one doc revealed it:
Proofpoint just responded to my ? asking what data they gave DoJ: “as an email threat detection provider and not an email service provider, we only had and provided the DOJ with the contact information at the WaPo and the distributor to whom we sold the threat detection services”
• • •
Missing some Tweet in this thread? You can try to
force a refresh
From the indictment of four Iranian intelligence officials charged with conspiracy to kidnap an Iranian journalist author and human rights activist based in Brooklyn, and take that person back to Iran, "where the victim’s fate would have been uncertain at best"
Note this from the indictment: "Farahani and his network procured the services of private investigators to surveil, photograph and video record Victim-1 and Victim-1’s household members in Brooklyn....
Chair of the Federal Reserve and CEOs of the largest US banks said in recent months that their biggest concern is a cyberattack against the financial sector. I wrote about what could happen if a systemic cyberattack targeted the financial sector. nytimes.com/2021/07/03/bus…
Experts say country is not prepared for a systemic cyberattack on Wall Street if it targets core institutions/infrastructure that provide key services. "[E]everybody believes an institution can be taken out... What we don’t know is how bad it would get and how fast,” experts said
Financial sector could withstand one large institution being knocked ou, but if multiple ones shut down, disruption could last wks. If attackers struck on a “triple witching” Friday when stock options/stock index futures/stock index options all expire, effects would be amplified.
Israeli TV says blasts that damaged the Natanz uranium enrichment plant in Iran in April was a supply-chain attack. Operatives supplied Iran with the marble platforms on which the centrifuges stand, and the marble was embedded with explosives. apnews.com/article/united…
"Media in Israel [have] to clear stories involving security matters through military censors. That Cohen’s remarks apparently cleared the censors suggests Israel wanted to issue a new warning to Iran amid the Vienna nuclear negotiations."
It's confusing which incident Israel TV is referring to. There were explosions at Natanz in July 2020 and April 2021. The 2020 incident involved fire; 2021 incident included explosion but mostly took out electricity. Here's my story about 2021 incident: zetter.substack.com/p/sabotage-at-…
Really thoughtful explanation from @propublica about why they're publishing tax info for the wealthiest Americans, which they received from an anonymous source. They considered that the info might come from "a state actor hostile to American interests." propublica.org/article/why-we…
"Many will ask about the ethics of publishing such private data. We are doing so—quite selectively and carefully—because we believe it serves the public interest in fundamental ways...[to disclose] tax returns of ppl like Jeff Bezos, Michael Bloomberg, Warren Buffett, Elon Musk"
"While the revelations in today’s story are extraordinary, the procedures..used in assessing the data’s value are standard..nearly everyone who provides material to a reporter is doing so in ways that reflect their...agenda....those motives are irrelevant if the info is reliable"
DoJ announces that it has found and recaptured the majority of the ransom that Colonial Pipeline paid.
They seized the money from a bitcoin wallet.
"We identified a virtual currency wallet that the Darkside actors used to collect payment.... Victim funds were seized from that wallet preventing Darkside actors from using it."
Adding to previous reports that DoJ had seized phone records of WaPo reporters, the NYT now says DoJ also secretly seized phone records of four NYT reporters spanning Jan 14-Apr 30, 2017: Matt Apuzzo, Adam Goldman, Eric Lichtblau and Michael S. Schmidt. nytimes.com/2021/06/02/us/…
In addition to phone records, DoJ also secured a court order to seize logs — but not contents — of the reporters' emails, but “no records" were actually obtained using the order. The Biden admin has since avowed that it will not seize journo records for leak investigations.
DoJ didn't say which article was being investigated but the NYT says it appears to be related to classified info reported in an April 22, 2017 article the reporters wrote about how James Comey "handled politically charged investigations during the 2016 presidential election."